UK’s NHS warns of cyber threats using Log4Shell vulnerability in VMware servers

A report by the United Kingdom’s National Health Service is warning of threats leveraging Log4Shell vulnerability in VMware Horizon servers by an unknown cyber actor. The NHS said the attacks are designed to establish persistence with affective networks, likely as part of a reconnaissance phase. In doing so, the attackers use the Java Naming and Directory Interface via Log4Shell payloads to call back to malicious infrastructure. Once weaknesses are identified, the attack uses the Lightweight Directory Access Protocol to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.
Related News Articles
Headline
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…
Headline
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…
Headline
Cyberattacks on hospitals are urgent threats to patient safety, care delivery and public trust. In this conversation, Ajay Gupta, board chair of Trinity Health…
Headline
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…